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DANG, Administrative Patent Judge. 

DECISION ON APPEAL 1 



1 The two-month time period for filing an appeal or commencing a civil 
action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, 
as recited in 37 C.F.R. § 41.52, begins to run from the "MAIL DATE" 
(paper delivery mode) or the "NOTIFICATION DATE" (electronic delivery 
mode) shown on the PTOL-90A cover letter attached to this decision. 
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I. STATEMENT OF CASE 
Appellant appeals the Examiner's final rejection of claims 1-8 and 10- 
26 under 35 U.S.C. § 134(a). We have jurisdiction under 35 U.S.C. § 6(b). 
We affirm-in-part. 

A. INVENTION 
According to Appellant, the invention relates to multicomputer data 
transferring, and more particularly, to computer-to-computer authentication 
and authorization (Spec. 1, 11. 8-13). 

B. ILLUSTRATIVE CLAIM 
Claim 1 is exemplary and reproduced below: 

1. A method for an authentication process within a data 
processing system, the method comprising: 

receiving at a single sign-on (SSO) agent an initial 
authentication request for a user; 

authenticating the user at the SSO agent for the initial 
authentication request; 

retrieving by the SSO agent an attribute certificate 
associated with the user; and 

authenticating the user for subsequent authentication 
requests via the SSO agent using authentication data within the 
attribute certificate. 
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C. REJECTIONS 
The prior art relied upon by the Examiner in rejecting the claims on 
appeal is: 



Parker US 5,339,403 Aug. 16, 1994 

Olden US 6,460,141 Bl Oct. 1, 2002 

Wood US 6,691,232 Bl Feb. 10, 2004 

Butt US 6,754,829 Bl Jun. 22, 2004 

Riggins US 6,766,454 Bl Jul. 20, 2004 



Claims 1, 3, 11, 13, 19, and 21 stand rejected under 35 U.S.C. § 
103(a) as being unpatentable over Wood in view of Parker. 

Claims 2, 5, 12, 15, 20, and 23 stand rejected under 35 U.S.C. § 
103(a) as being unpatentable over Wood in view of Parker and Riggins. 

Claims 4, 6, 7, 10, 14, 16, 17, 22, 24, and 25 stand rejected under 35 
U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and 
Olden. 

Claims 8, 18, and 26 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Wood in view of Parker and Butt. 
Claim 9 is not rejected over prior art. 2 

II. ISSUE 

Has the Examiner erred in finding that Wood in view of Parker would 
have disclosed or suggested "authenticating the user for subsequent 
authentication requests via the SSO agent using authentication data within 

2 Although the Final Rejection indicates that claims 1-26 stand rejected, as 
noted by Appellant, "claim 9 has not been rejected over the cited references" 
(App. Br. 2). In fact, the Examiner does not address claim 9 at all in the 
Final Rejection and does not address Appellant's note of the omission in the 
Examiner's Answer. 
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the attribute certificate" (claim 1), as Appellant contends? In particular, the 
issue turns on whether Wood would have disclosed or suggested 
authenticating the user for subsequent authentication requests via the SSO 
agent, as required by claim 1 . 

III. FINDINGS OF FACT 
The following Findings of Fact (FF) are shown by a preponderance of 
the evidence. 

Wood 

1. Wood discloses a single login component that obtains login 
credentials wherein the login credentials obtained are selected from a 
set of credential types that, if authenticated, are sufficient to achieve 
the trust level requirement of an application or information resource to 
be accessed (col. 5, 11. 49-60) 

2. Login credential types include those based on passwords, certificates, 
biometric techniques, and the like (col. 5, 11. 60-65). 

3. If the entity requesting access has not yet been authenticated to the 
trust level required for the particular access, the authorization 
component indicates that the access request is to be redirected to the 
login component so that login credentials may be obtained and 
authenticated to a particular trust level (col. 6, 11. 4-10). 

4. The browser sends the login component a new access request using 
the URL specified in the redirect from gatekeeper/entry handler 
component (col. 10, 11. 58-60). 
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IV. ANALYSIS 
Claims 1, 3, 11, 13, 19, and 21 

Appellant contends that "the centrality of the SSO agent to the initial 
and subsequent authentication requests is simply not addressed by either of 
the cited Wood or Parker references" (App. Br. 6, emphasis omitted). In 
particular, Appellant contends that "the rejection analysis in no way 
acknowledges the specifically-claimed role of the SSO agent in both the 
initial authentication request and in the subsequent authentication requests" 
(id.). According to Appellant, "the cited passage from Wood confirms 
that, once login credentials are obtained for a user, 'the access will 
typically be allowed without the need for further login credentials and 
authentication '" and thus, "there are no 'susequent authentication 
requests' in the Wood scheme" (id.). 

Appellant further contends that "the motivational statement in the 
rejection fails to explain why one would have been motivated to employ the 
attribute certificates of Parker in the system of Wood" (App. Br. 7). 
Furthermore, "Wood's disclosure that no further authentication will be 
required actually teaches away from Applicant's claim requirement of 
performing subsequent authentication requests" (App. Br. 8, emphasis 
omitted). 

The Examiner finds that "Wood teaches an SSO agent 120 that 
accepts login credentials including certificates to authenticate a user" (Ans. 
6) wherein "the user may have to be authenticated [at] an initial and 
subsequent time" (Ans. 7). In particular, the Examiner finds that "Wood 
describes subsequent authentication requests are to achieve a sufficient trust 
level with the SSO component" wherein "a certificate may be used as a 
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credential" and "[t]he SSO agent retrieves the certificate form the user to 
authenticate the user" (id.). 

Wood discloses a login component that obtains login credentials that, 
if authenticated, are sufficient to achieve the trust level requirement of an 
application or information resource to be accessed (FF 1), wherein the login 
credential types include those based on certificates and the like (FF 2). 
Thus, we find that Wood discloses receiving at an SSO agent an initial 
authentication request for a user, authenticating the user at the SSO agent for 
the initial authentication request, and retrieving by the SSO agent a 
certificate associated with the user. 

Further, in Wood, if the entity requesting access has not yet been 
authenticated to the trust level required for the particular access, the 
authorization component indicates that the access request is to be redirected 
to the login component so that login credentials may be obtained and 
authenticated to a particular trust level (FF 3), and the browser sends the 
login component a new access request using the URL specified in the 
redirect from gatekeeper/entry handler component (FF 4). We find that 
Wood also discloses "authenticating the user for subsequent authentication 
requests via the SSO agent using authentication data within the attribute 
certificate," as recited in claim 1. That is, we find the new access request 
using the URL specified in the redirect to be a subsequent authentication 
request at the login component. Further, since the redirect is based upon the 
initial authentication data, which can be within a certificate, we find the 
subsequent authentication to be using the initial authentication data within 
the certificate. 
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Though Appellant contends that the SSO agent does not have a role 
"in both the initial authentication request and in the subsequent 
authentication requests" (App. Br. 6), the login agent of Wood plays a role 
in both the initial authentication request and the subsequent authentication 
request in the redirected process. 

As to Appellant's argument that Wood's "access will typically be 
allowed without the need for further login credentials and authentication" 
(id., emphasis omitted), such argument is not commensurate in scope with 
the language of claim 1. That is, claim 1 does not preclude typical access 
without the need for further login credentials and authentication but rather 
merely requires that there will be subsequent authentication. Thus, contrary 
to Appellants' argument that in Wood's disclosure, "no further 
authentication will be required" and that Wood "actually teaches away from 
Applicant' s claim requirement of performing subsequent authentication 
requests" (App. Br. 8), Wood does teach that subsequent authentication is 
required if the trust level is insufficient. 

We note also that the language of claim 1 does not require the 
subsequent authentication requests to be after a subsequent sign-on. That is, 
claim 1 merely requires that the subsequent authentication be made using 
authentication data within the attribute certificate (without any specifics as 
to how it is being used). Thus, we find claim 1 to merely require numerous 
authentications, wherein the subsequent authentication is by "using" 
authentication data. 

As to Appellant' s contention that "the motivational statement in the 
rejection fails to explain why one would have been motivated to employ the 
attribute certificates of Parker in the system of Wood" (App. Br. 7), since 
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Parker discloses an attribute certificate, we conclude that the exchange of 
one known element (Parker' s attribute certificate) with another (Wood' s 
certificate) would have yielded predictable results to one of ordinary skill in 
the art at the time of the invention. That is, we find that using an attribute 
certificate as that of Parker in place of the certificate of Wood is no more 
than a simple arrangement of old elements, with each performing the same 
function it had been known to perform, yielding no more than one would 
expect from such an arrangement. See KSR Int'l Co. v. Teleflex Inc., 550 
U.S. 398, 406 (2007). 

The skilled artisan would "be able to fit the teachings of multiple 
patents together like pieces of a puzzle" since the skilled artisan is "a person 
of ordinary creativity, not an automaton." Id. at 420-21. Appellants have 
presented no evidence that using Parker's attribute certification as Wood's 
certificate was "uniquely challenging or difficult for one of ordinary skill in 
the art" or "represented an unobvious step over the prior art." See Leapfrog 
Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) 
(citing KSR, 550 U.S. at 418-19). 

Accordingly, for the above reasons, we affirm the rejection of claim 1 
and claims 3, 11, 13, 19, and 21 falling therewith under 35 U.S.C. § 103(a) 
as being unpatentable over Wood in view of Parker. 

Claims 2, 5, 12, 15, 20, and 23 

Appellant merely repeats that "Wood[']s disclosure actually teaches 
way from the claim requirements" (App. Br. 10) for claims 2, 5, 12, 15, 20, 
and 23, and adds that "Riggins fails to remedy the deficiencies of a 
hypothetical combination of Wood[] and Parker" (id.). As discussed above, 
we do not find Wood to teach away and find no deficiencies with respect to 
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the combination of Wood and Parker. Accordingly, we also affirm the 
rejection of claims 2, 5, 12, 15, 20, and 23 under 35 U.S.C. § 103(a) as being 
unpatentable over Wood in view of Parker and Riggins. 

Claims 4, 6, 7, 10, 14, 16, 17, 22, 24, and 25 
Appellant again repeats that "Wood[']s disclosure actually teaches 
away from the claim requirements" (App. Br. 11) for claims 4, 6, 7, 10, 14, 
16, 17, 22, 24, and 25, and similarly contends that "Olden fails to remedy the 
deficiencies of a hypothetical combination of Wood[] and Parker" {id.). 
Since, as discussed above, we find that Wood does not teach away from the 
claim requirement of performing subsequent authentication requests, we also 
affirm the rejection of claims 4, 6, 7, 14, 16, 17, 22, 24, and 25 under 35 
U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and 
Olden. 

However, since claim 10 depends from claim 9 which has not been 
rejected over prior art, we reverse the rejection of claim 10 under 35 U.S.C. 
§ 103(a). 

Claims 8, 18, and 26 
Appellant further repeats that "Wood[']s disclosure actually teaches 
away from the claim requirements" (App. Br. 13) for claims 8, 18, and 26, 
and similarly contends that "Butt fails to remedy the deficiencies of a 
hypothetical combination of Wood[] and Parker" (App. Br. 12). For the 
reasons discussed above, we also affirm the rejection of claims 8, 18, and 26 
under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of 
Parker and Butt. 
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V. CONCLUSIONS 

A) Appellant has not shown that the Examiner erred in finding that 1) 
claims 1, 3, 11, 13, 19, and 21 are unpatentable over the teachings of Wood 
in view of Parker; 2) claims 2, 5, 12, 15, 20, and 23 are unpatentable over 
the teachings of Wood in view of Parker and Riggins; 3) claims 4, 6, 7, 14, 
16, 17, 22, 24, and 25 are unpatentable over the teachings of Wood in view 
of Parker and Olden; and 4) claims 8, 18, and 26 are unpatentable over the 
teachings of Wood in view of Parker and Butt. 

B) Claim 9 is not rejected over prior art. 

C) Appellant has shown that the Examiner erred in finding that claim 
10 depending from claim 9 is unpatentable over the teachings of Wood in 
view of Parker and Olden. 

D) Claims 1-8 and 11-26 are not patentable. 

VI. DECISION 

The Examiner's decision rejecting claims 1-8 and 11-26 under 
35 U.S.C. § 103(a) is affirmed and the Examiner's decision rejecting claim 
10 under 35 U.S.C. § 103(a) is reversed. 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). 

AFFIRMED-IN-PART 
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